Fact Sheet

About the Company

Palamida was founded in 2004 to develop products and services to help our customers manage the Open Source and other types of third party software often used in software development projects. In today’s software development environment it is typical to find that fifty percent or more of the lines of code originate from an outside source, typically Open Source, but also from commercial sources. This leads immediately to the question “What’s in My Code?”, a question that can be difficult and time-consuming to answer. Palamida products and services answer that question. Our special-purpose search engine scans code, comparing it with billions of source code fingerprints and exact file matches to establish the origin and version of externally written code elements. Once known, Palamida’s extensive database will return information about license, vulnerabilities and cryptography as well as establishing a permanent record of usage. With this knowledge, organizations can reduce their risk of intellectual property infringement, security vulnerabilities and export control issues. Our proven request and authorization workflow allows developers to gain approval prior to usage, and records the details of planned usage. Our Professional Services team has performed hundreds of engagements, offering everything from fast turnaround M&A analysis to long term projects to establish a content baseline for an organizations entire software portfolio. Palamida has a worldwide customer base, ranging from small startups to some of the world’s largest companies. Palamida is located in San Francisco and is privately held.

Products and Services

Enterprise Edition – Enterprise Edition contains the full set of scanning and analysis features as well as request and authorization workflow. It is ideally suited for an organization desiring to establish an end-to-end solution for managing Open Source and other third party code in their development projects. With a library of over five million open source components, and over 2.1M automated detection rules, code scanning with Enterprise Edition is comprehensive and increasingly automated. The integration of request and authorization workflow with scanning allows organizations to implement a full cycle solution starting with the request to use, followed by scanning and reconciliation of actual and requested contents.

Palamida Compliance Edition – Compliance Edition contains the scanning and analysis features, without the request and authorization workflow. It is designed for organizations who need to focus first on analysis of code content, perhaps as a result of an immediate requirement for disclosures (Third Party Notices). Compliance Edition has all of the scanning and analysis features of Enterprise Edition, and can run on a single laptop for small organizations or on a higher capacity server for expanded capacity. It can be upgraded to Enterprise Edition easily at any time.

Palamida Governance Edition – Governance Edition contains the request and approval workflow features, and does not contain the scanning and analysis features. This edition is designed for organizations who wish to start their compliance program with a focus on developer disclosure instead of scanning. This approach minimizes the requirements for staffing an analysis function, yet allows organizations to generate disclosures (Third Party Notices) based on developer disclosures. Governance Edition can be upgraded to Enterprise Edition easily at any time.

Palamida Professional Services – For software merger and acquisition (M&A) due diligence, or for other high priority analysis projects, Palamida Professional Services delivers accurate, fully documented reports with results tailored to the specifics of the engagement. Palamida Professional Services is the ideal solution for organizations with a time-critical requirement or with a desire to jumpstart a compliance program via analysis of key internal projects. In either case, our PS team has the experience and the knowledge to produce timely results and to help you turn them into actionable next steps. Results include an inventory of third party code in use and license and/or vulnerability issues associated with the findings.